[
https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930299#comment-16930299
]
Bolke de Bruin commented on GUACAMOLE-880:
------------------------------------------
In short ;), I am asking if you would consider allowing patches that create the
neccesary facilities inside Guacamole to support this and to help guide us to
do it at the right place. This would allow us to continue to use Guacamole,
which is awesome, and not to resort to a fork or propietary solution. I also
think it would benefit the community.
> Obfuscation of guacamole client protocol
> ----------------------------------------
>
> Key: GUACAMOLE-880
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client, guacamole-server
> Reporter: Bolke de Bruin
> Priority: Major
> Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage
> possibilities. We recently had a audit on our infrastructure and it was shown
> that it was quite easy to leak out data through the guacamole protocol by
> creating special images inside the desktop and then using mitmproxy (python)
> and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the
> protocol if configured to do so. Of course this could be done by implementing
> a custom protocol, but it would be nice if Guacamole would have the
> facilities (hooks) to do this. One could think of allowing a custom function
> to encrypt/obfuscate the outgoing stream and attach into the javascript that
> decrypts the stream.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
